What is the best way to store passwords?

In this post the word “best” gets thrown around a lot. We’ll start with a quick examination of a classic textbook definition of the word for clarity, but first, a note on the importance of context: here, “best” can mean pretty much any means that prevents accidental or intentional disclosure of a password.

The best way for users to store passwords is to use a password manager. A password manager is a software tool that securely stores and manages all of a user’s passwords, so they don’t have to remember them all.

Password managers use strong encryption to protect users’ passwords and are designed to prevent unauthorized access. Users only need to remember one strong master password to access their password manager.

Password managers also typically offer additional security features, such as generating random, strong passwords for new accounts, and checking for password reuse across different websites.

It’s important to choose a reputable password manager that has been independently audited and is known for its security features. Additionally, users should ensure that their master password is strong and not easily guessable, as it is the key to all of their stored passwords.

This is a Rolodex. My parents have one that’s similar, with the plastic cover. They’ve discovered that the most effective way to keep track of passwords that mean the most to them – banking, shopping, retirement – is through good old-fashioned “fall back to paper”. This works quite well for them, and it provides many of the same “sharing” features between the two of them that modern password managers promise.

There are some potential drawbacks. The house could burn down, and the Rolodex could be lost. Let’s face it, in the grand scheme of things if the house is a total loss, passwords _might_ be incredibly important in the moment for a few things… but for the most part my ‘rents can rely on the password reset functions well enough. It would, of course, be a good idea to store this in a fire-resistant box, while actually keeping it locked in the safe would be overkill and render it far less useful.

About the Author

Dustin Decker (GFACT, GISF, GSEC, GCIH, GPYC, GCIA, GCWN)


Meet Dustin Decker, an accomplished information security research analyst with a wealth of expertise in daily cyber defense, incident response, intrusion detection, and network forensics. With a journey in Information Security dating back to 1999, Dustin earned his first bachelor’s degree in computer information systems from DeVry University in 2001.

But Dustin is not just about the past – he’s at the forefront of cutting-edge technology. He’s passionate about automating “all the things” using Python, PowerShell, and embracing solid DevSecOps principles. Beyond his individual achievements, Dustin’s excellence has been recognized, leading to his recent invitation to the prestigious SANS GIAC Advisory Board.

In a world where cybersecurity is paramount, Dustin Decker stands out as a dedicated professional, blending years of experience with a commitment to staying ahead in the rapidly evolving landscape.